Requirements

Step 1: Configure CentOS for Samba4 AD DC

1. Before joining the CentOS 7 server to a Samba4 DC, make sure the network interface is properly configured to query the domain via the DNS service.

Run the ip address command to list your machine's network interfaces, then choose the NIC to edit by issuing the nmtui-edit command against the interface name (ens33 in this example), as illustrated below.

# ip address
# nmtui-edit ens33

List Network Interfaces

2. Once the network interface is opened for editing, add the static IPv4 configuration best suited for your LAN and make sure you set the Samba AD Domain Controllers' IP addresses as the DNS servers.

Also, append the name of your domain in the search domains field and navigate to the OK button using the [TAB] key to apply changes.

The search domains field ensures that the domain part is automatically appended during DNS resolution (forming the FQDN) when you use only a short name for a domain DNS record.

Configure Network Interface

3. Finally, restart the network daemon to apply the changes and test whether DNS resolution is properly configured by issuing a series of ping commands against the domain name and the domain controllers' short names, as shown below.

10. After the machine has been joined to the domain, verify that the winbind service is up and running by issuing the below command.

# systemctl status winbind.service

11. Then, check whether the CentOS machine object has been successfully created in Samba4 AD. Use the AD Users and Computers tool from a Windows machine with RSAT tools installed and navigate to your domain's Computers container. A new AD computer account object with the name of your CentOS 7 server should be listed in the right pane.

12. Finally, tweak the configuration by opening the main Samba configuration file (/etc/samba/smb.conf) with a text editor and appending the lines below at the end of the [global] configuration block:

winbind use default domain = true
winbind offline logon = true

Configure Samba

13. To create local home directories on the machine for AD accounts at their first logon, run the below command.

# authconfig --enablemkhomedir --update

14. Finally, restart the Samba daemon to apply the changes and verify the domain join by logging on to the server with an AD account. The home directory for the AD account should be created automatically.

# systemctl restart winbind
# su - domain_account

Verify Domain Joining

15. List the domain users or domain groups by issuing one of the following commands.

# wbinfo -u
# wbinfo -g

List Domain Users and Groups

16. To get information about a domain user, run the below command.

# wbinfo -i domain_user

List Domain User Info

17. To display a summary of domain information, issue the following command.

# net ads info

List Domain Summary
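
If the two lines from step 12 are appended at the end of the file instead of at the end of [global], they fall under whichever section comes last. The check below is an added example, not part of the original article: the function names and the sample files are constructed for illustration, and the parser assumes no include files or line continuations.

```bash
# smb_global_param FILE NAME: print NAME's value from [global], or return 1.
# Samba ignores case and whitespace in section and parameter names.
smb_global_param() {
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        BEGIN { want = norm(want) }
        /^[ \t]*[#;]/ { next }                        # comment line
        /^[ \t]*\[/ {                                 # section header
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            in_global = (norm(sec) == "global"); next
        }
        in_global && (eq = index($0, "=")) {
            if (norm(substr($0, 1, eq - 1)) != want) next
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val); found = 1   # last setting wins
        }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# check_winbind FILE: return 0 only if both step 12 parameters are enabled
# in [global]. Boolean spellings accepted here: yes, true, 1.
check_winbind() (
    rc=0
    for p in "winbind use default domain" "winbind offline logon"; do
        v=$(smb_global_param "$1" "$p") || v="(not set in [global])"
        case "$(printf '%s' "$v" | tr 'A-Z' 'a-z')" in
            yes|true|1) echo "ok:   $p = $v" ;;
            *)          echo "FAIL: $p = $v"; rc=1 ;;
        esac
    done
    exit "$rc"
)

# Constructed samples: good.conf follows step 12; bad.conf has the same lines
# appended at the end of the file, where they fall under the [homes] share.
write_samples() {
    printf '%s\n' '[global]' '  workgroup = EXAMPLE' '  security = ads' \
        '  winbind use default domain = true' '  winbind offline logon = true' \
        '[homes]' '  read only = no' > "$1/good.conf"
    printf '%s\n' '[global]' '  workgroup = EXAMPLE' '  security = ads' \
        '[homes]' '  read only = no' \
        '  winbind use default domain = true' '  winbind offline logon = true' \
        > "$1/bad.conf"
}

demo_dir=$(mktemp -d) && write_samples "$demo_dir"
for f in good bad; do check_winbind "$demo_dir/$f.conf" || true; done
rm -rf "$demo_dir"
```

On a joined host, run check_winbind /etc/samba/smb.conf; testparm -s prints the configuration Samba actually loads.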

Step 3: Login to CentOS with a Samba4 AD DC Account

18. To authenticate with a domain user in CentOS, use one of the following command line syntaxes.

# su - 'domain\domain_user'
# su - domain\\domain_user

Or use the below syntax in case the winbind use default domain = true parameter is set in the Samba configuration file.

21. To leave the domain, run the following command against your domain name using a domain account with elevated privileges. After the machine account has been removed from the AD, reboot the machine to revert it to its state before the integration process.

# net ads leave -w DOMAIN -U domain_admin
# init 6

That’s all! Although this procedure is mainly focused on joining a CentOS 7 server to a Samba4 AD DC, the same steps described here are also valid for integrating a CentOS server into a Microsoft Windows Server 2012 Active Directory.